From b8b485ffb4a417d1c8e6ff173833bf5db9ef1441 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 7 Dec 2024 17:04:41 +0100 Subject: [PATCH 1/2] log stdout/err from updates check on Debian This is especially useful for diagnosing update check issues on Debian/Whonix. --- package-managers/upgrades-installed-check | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/package-managers/upgrades-installed-check b/package-managers/upgrades-installed-check index aaf18ccc4..d572ea042 100755 --- a/package-managers/upgrades-installed-check +++ b/package-managers/upgrades-installed-check @@ -24,11 +24,12 @@ elif [ -e /etc/debian_version ]; then set -e set -o pipefail # shellcheck disable=SC2034 - apt_get_update_output="$(apt-get -q update 2>&1)" + apt_get_update_output="$(apt-get -q update 2>&1 | tee /proc/self/fd/2)" apt_get_upgrade_output="$(LANG="C" apt-get -s upgrade 2>&1)" exit_code="$?" # shellcheck disable=SC2266 echo "$apt_get_upgrade_output" | awk "/^Inst/{ print $2 }" | [ "$(wc -L)" -eq 0 ] && echo "true" || echo "false" + echo "$apt_get_upgrade_output" >&2 elif [ -e /etc/arch-release ]; then ## Archlinux checkupdates >/dev/null 2>&1 From e3202dcf7052fcaa2b02b2205695e2728c47f315 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20Marczykowski-G=C3=B3recki?= Date: Sat, 4 Jan 2025 04:23:08 +0100 Subject: [PATCH 2/2] apt: skip 'apt-get update' when running from apt already Do not call 'apt-get update' in post-invoke hook, as APT database is locked at this time. Since this happens after packages install/update, it should be already up to date at that point. Fixes QubesOS/qubes-issues#9673 --- package-managers/apt-conf-00notify-hook | 2 +- package-managers/upgrades-installed-check | 14 ++++++++++++-- package-managers/upgrades-status-notify | 7 ++++++- 3 files changed, 19 insertions(+), 4 deletions(-) diff --git a/package-managers/apt-conf-00notify-hook b/package-managers/apt-conf-00notify-hook index adc34af8a..b4ef13215 100644 --- a/package-managers/apt-conf-00notify-hook +++ b/package-managers/apt-conf-00notify-hook @@ -1 +1 @@ -DPkg::Post-Invoke {"/usr/lib/qubes/upgrades-status-notify || true";}; +DPkg::Post-Invoke {"/usr/lib/qubes/upgrades-status-notify skip-refresh || true";}; diff --git a/package-managers/upgrades-installed-check b/package-managers/upgrades-installed-check index d572ea042..b9b80a576 100755 --- a/package-managers/upgrades-installed-check +++ b/package-managers/upgrades-installed-check @@ -5,8 +5,16 @@ ## * 'false' - if there are pending upgrades ## * nothing - if apt-get is currently locked ## +## optional argument "skip-refresh" can be used to not refresh metadata (useful +## when it's already up to date, like after installing updates) +## ## Forwards the exit code of the package manager. +skip_refresh=false +if [ "$1" = "skip-refresh" ]; then + skip_refresh=true +fi + if [ -e /etc/system-release ]; then ## Fedora if command -v dnf >/dev/null; then @@ -23,8 +31,10 @@ elif [ -e /etc/debian_version ]; then ## Debian set -e set -o pipefail - # shellcheck disable=SC2034 - apt_get_update_output="$(apt-get -q update 2>&1 | tee /proc/self/fd/2)" + if ! $skip_refresh; then + # shellcheck disable=SC2034 + apt_get_update_output="$(apt-get -q update 2>&1 | tee /proc/self/fd/2)" + fi apt_get_upgrade_output="$(LANG="C" apt-get -s upgrade 2>&1)" exit_code="$?" # shellcheck disable=SC2266 diff --git a/package-managers/upgrades-status-notify b/package-managers/upgrades-status-notify index 791ae2706..7a6e848bf 100755 --- a/package-managers/upgrades-status-notify +++ b/package-managers/upgrades-status-notify @@ -14,7 +14,12 @@ else fi fi -upgrades_installed="$(/usr/lib/qubes/upgrades-installed-check)" +script_arg= +if [ "$1" = "skip-refresh" ]; then + script_arg=skip-refresh +fi + +upgrades_installed="$(/usr/lib/qubes/upgrades-installed-check $script_arg)" if [ "$upgrades_installed" = "true" ]; then /usr/lib/qubes/qrexec-client-vm dom0 qubes.NotifyUpdates /bin/sh -c 'echo 0'